About Touch ID advanced security technology

Much of our digital lives is stored on our Apple devices, and we recommend that you always use a passcode or password to help protect this important information and your privacy. Using Touch ID on your iPhone, iPad, and MacBook Pro is an easy way to use your fingerprint instead of a password for many common operations. With just a touch of your finger, the sensor quickly reads your fingerprint and automatically unlocks your device. You can use it to authorize purchases from the iTunes Store, App Store, and iBooks Store, as well as with Apple Pay. Developers can also allow you to use Touch ID to sign into their apps.

Advanced technologies

The technology within Touch ID is some of the most advanced hardware and software that we've put into any device. The button is made from sapphire crystal—one of the clearest, hardest materials available. This protects the sensor and acts as a lens to precisely focus it on your finger. On iPhone and iPad, a steel ring surrounding the button detects your finger and tells Touch ID to start reading your fingerprint.

The sensor uses advanced capacitive touch to take a high-resolution image from small sections of your fingerprint from the subepidermal layers of your skin. Touch ID then intelligently analyzes this information with a remarkable degree of detail and precision. It categorizes your fingerprint as one of three basic types—arch, loop, or whorl. It also maps out individual details in the ridges that are smaller than the human eye can see, and even inspects minor variations in ridge direction caused by pores and edge structures.

Touch ID can read multiple fingerprints, and it can read fingerprints in 360-degrees of orientation. It then creates a mathematical representation of your fingerprint and compares this to your enrolled fingerprint data to identify a match and unlock your device. It’s only this mathematical representation of your fingerprint that is stored—never images of your finger itself. Touch ID will incrementally update the mathematical representation of enrolled fingerprints over time to improve matching accuracy.

Security safeguards

Every fingerprint is unique, so it’s rare that even a small section of two separate fingerprints are alike enough to register as a match for Touch ID. The probability of this happening is 1 in 50,000 with a single, enrolled finger. And Touch ID allows only five unsuccessful fingerprint match attempts before you must enter your password. By comparison, the odds of guessing a typical 4-digit passcode are 1 in 10,000. Although some codes, like “1234,” might be more easily guessed, there is no such thing as an easily guessable fingerprint pattern.

To start using Touch ID, you must first set up a passcode on your iPhone or iPad (or a password on your Mac). You must enter your passcode or password for additional security validation:

after you restart your iPhone, iPad, or Mac;

when more than 48 hours have passed from the last time you unlocked your device;

to add or delete a fingerprint to use with Touch ID;

to change the iPhone or iPad passcode or Mac system password, and for other security settings like FileVault on your Mac;

when there have been more than five unrecognized Touch ID authorization attempts in a row; and

If your device is lost or stolen, you can prevent Touch ID from being used to unlock your device with Find My iPhone Lost Mode. Starting with iOS 7, your iPhone and iPad offer additional protection against theft with Activation Lock, which requires an Apple ID and password to turn off Find My iPhone, erase data, or reactivate your device. If your MacBook Pro with Touch ID is lost or stolen, erasing your Mac remotely also disables Touch ID.

You can also use Touch ID to purchase content from the iTunes Store, App Store, and iBooks Store, instead of entering your Apple ID password.

Touch ID can be used by multiple users on a MacBook Pro, making it easy to share a system securely. Each user account can have up to three enrolled fingerprints, and a total of five fingerprints can be enrolled across the system.

Secure Enclave

The chip in your device includes an advanced security architecture called the Secure Enclave, which was developed to protect your passcode and fingerprint data. Touch ID doesn't store any images of your fingerprint, and instead relies only on a mathematical representation. It isn't possible for someone to reverse engineer your actual fingerprint image from this stored data.

Your fingerprint data is encrypted, stored on device, and protected with a key available only to the Secure Enclave. Your fingerprint data is used only by the Secure Enclave to verify that your fingerprint matches the enrolled fingerprint data. It can’t be accessed by the OS on your device or by any applications running on it. It's never stored on Apple servers, it's never backed up to iCloud or anywhere else, and it can't be used to match against other fingerprint databases.